WordPress HTTPS (SSL)
securing xmlrpc.php (2 posts)

  1. stefann
    Posted 2 years ago #

    I'm trying to secure connections for users who manage blog posts from one of the WordPress apps (like iPad) and forget to include https:// when specifying the blog URL. Can I use this plugin to control HTTP requests to xmlrpc.php by redirecting them to the HTTPS version. Would this guarantee that the password doesn't get sent in the clear or would the password be sent one time over HTTP and a second time over HTTPS? Thanks!


  2. Mike Ems
    Plugin Author

    Posted 2 years ago #

    No. You would need to use a redirect rule in your .htaccess.

    If someone makes a POST to an HTTP page, even if that page is being redirected immediately, there is a chance that it could be intercepted. Furthermore, it's possible that the POST will be lost when the redirect occurs.

    Hope that helps.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WordPress HTTPS (SSL)
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic